Bug#513413: AST-2009-001: Information leak in IAX2 authentication

Moritz Muehlenhoff jmm at debian.org
Wed Jan 28 21:31:00 UTC 2009


Package: asterisk
Severity: normal

Please see CVE-2008-0041:
http://www.securityfocus.com/archive/1/archive/1/499884/100/0/threaded

This doesn't warrant a DSA, but please keep in mind for the next
Asterisk DSA (which will surely come in the future).

Cheers,
        Moritz

-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages asterisk depends on:
ii  adduser                3.110             add and remove users and groups
pn  asterisk-config | aste <none>            (no description available)
pn  asterisk-sounds-main   <none>            (no description available)
ii  libasound2             1.0.16-2          ALSA library
pn  libc-client2007b       <none>            (no description available)
ii  libc6                  2.7-18            GNU C Library: Shared libraries
ii  libcap1                1:1.10-14         support for getting/setting POSIX.
ii  libcurl3               7.18.2-8          Multi-protocol file transfer libra
ii  libgcc1                1:4.3.3-1         GCC support library
ii  libgsm1                1.0.12-1          Shared libraries for GSM speech co
pn  libiksemel3            <none>            (no description available)
ii  libncurses5            5.7+20090124-1    shared libraries for terminal hand
ii  libnewt0.52            0.52.2-11.3       Not Erik's Windowing Toolkit - tex
ii  libogg0                1.1.3-4           Ogg Bitstream Library
ii  libpopt0               1.14-4            lib for parsing cmdline parameters
ii  libpq5                 8.3.5-1           PostgreSQL C client library
pn  libpri1.0              <none>            (no description available)
pn  libradiusclient-ng2    <none>            (no description available)
pn  libsnmp15              <none>            (no description available)
ii  libspeex1              1.2~rc1-1         The Speex codec runtime library
pn  libspeexdsp1           <none>            (no description available)
pn  libsqlite0             <none>            (no description available)
ii  libssl0.9.8            0.9.8g-15         SSL shared libraries
ii  libstdc++6             4.3.3-1           The GNU Standard C++ Library v3
pn  libtonezone1           <none>            (no description available)
ii  libvorbis0a            1.2.0.dfsg-3.1    The Vorbis General Audio Compressi
ii  libvorbisenc2          1.2.0.dfsg-3.1    The Vorbis General Audio Compressi
pn  libvpb0                <none>            (no description available)
pn  unixodbc               <none>            (no description available)
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

asterisk recommends no packages.

Versions of packages asterisk suggests:
pn  asterisk-dev                  <none>     (no description available)
pn  asterisk-doc                  <none>     (no description available)
pn  asterisk-h323                 <none>     (no description available)
pn  ekiga                         <none>     (no description available)
pn  kphone                        <none>     (no description available)
pn  ohphone                       <none>     (no description available)
pn  twinkle                       <none>     (no description available)




